You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: draft-ietf-rats-reference-interaction-models.md
+10-9Lines changed: 10 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -52,11 +52,11 @@ normative:
52
52
RFC7252: COAP
53
53
BCP205:
54
54
RFC9334: RATS
55
-
RFC9683: RIV
56
55
I-D.ietf-rats-epoch-markers: epoch-markers
57
56
58
57
informative:
59
58
I-D.birkholz-rats-tuda: TUDA
59
+
RFC9683: RIV
60
60
RFC9783: psa-token
61
61
RFC9781: uccs
62
62
DAA:
@@ -134,7 +134,7 @@ Analogously, a general overview about the information elements typically used by
134
134
# Introduction
135
135
136
136
Remote ATtestation procedureS (RATS, {{-RATS}}) are workflows composed of roles and interactions, in which Verifiers create Attestation Results about the trustworthiness of an Attester's system component characteristics.
137
-
Verifiers generate assessments in the form of Attestation Results that are based on Endorsements, Reference Values, Appraisal Policies, and Evidence -- trustable and tamper-evident Claims Sets about an Attester's system component characteristics.
137
+
The Verifier's assessment in the form of Attestation Results is produced based on Endorsements, Reference Values, Appraisal Policies, and Evidence -- trustable and tamper-evident Claims Sets about an Attester's system component characteristics -- generated by an Attester.
138
138
The roles *Attester* and *Verifier*, as well as the Conceptual Messages *Evidence* and *Attestation Results* are concepts defined by the RATS Architecture {{-RATS}}.
139
139
This document illustrates three main interaction models between various RATS roles, namely Attesters, Verifiers, and Relying Parties that can be used in specific RATS-related specifications.
140
140
Using Evidence as a prominent example, these three interaction models are:
@@ -149,13 +149,12 @@ The roles *Attester* and *Verifier*, as well as the Conceptual Messages *Evidenc
149
149
A persistent subscription-based model where Evidence is pushed continuously to interested Verifiers, optionally via a Broker.
150
150
151
151
As a basis to describe the interaction models is this document, the example of attestation Evidence conveyance is used to illustrate the usage scenarios.
152
-
The reference models defined can also be applied to the conveyance of other Conceptual Messages in RATS.
153
152
This document aims to:
154
153
155
154
1. prevent inconsistencies in descriptions of interaction models in other documents, which may occur due to text cloning and evolution over time, and to
156
155
2. highlight the exact delta/divergence between the core characteristics captured in this document and variants of these interaction models used in other specifications or solutions.
157
156
158
-
In summary, this document enables the specification and design of trustworthy and privacy-preserving conveyance methods for RATS Conceptual Messages; specifically attestation Evidence conveyed from an Attester to a Verifier.
157
+
In summary, this document enables the specification and design of trustworthy and privacy-preserving (see Section {{cryptographic-blinding}}) conveyance methods for RATS Conceptual Messages; specifically attestation Evidence conveyed from an Attester to a Verifier.
159
158
While the exact details for conveyance of other Conceptual Messages is out of scope, the models described in this document may be adapted to apply to the conveyance of other Conceptual Messages, such as Endorsements or Attestation Results, or supplemental messages, such as Epoch Markers {{-epoch-markers}} or stand-alone event logs.
160
159
161
160
# Terminology {#terminology}
@@ -178,7 +177,7 @@ Examples of such isolated environments include a Trusted Execution Environment (
178
177
179
178
## Boot Time Integrity
180
179
181
-
Boot time integrity refers to the trustworthiness of the platform during its boot sequence, typically covering firmware, BIOS/UEFI, initial bootloaders, and core operating system components up until a stable runtime environment is reached (typically via layered attestation).
180
+
Boot time integrity refers to the trustworthiness of the platform during its boot sequence, typically covering firmware, BIOS/UEFI, initial bootloaders, and core operating system components up until a stable runtime environment is reached.
182
181
This may apply equally to physical devices and virtual machines.
183
182
184
183
## Runtime Integrity
@@ -221,7 +220,7 @@ Integrity:
221
220
: Information provided by an Attester MUST NOT have been altered since it was created. This may be achieved via symmetric cryptography, e.g., using COSE Mac0 as in PSA TF-M profile ({{Section 5.2 of -psa-token}}), or asymmetric, such as a COSE Sign algorithm like ECDSA.
222
221
223
222
Authentication:
224
-
: The information provided by the Attester MUST be authentic. To do this, the Attester should authenticate itself to the Verifier. This can be done through implicit authentication using a digital signature over the Attestation Evidence, which does not require additional protocol steps, or by using a secure channel (see {{-uccs}}) that includes authentication.
223
+
: The information provided by the Attester MUST be authentic. To do this, the Attester should authenticate itself to the Verifier. This can be done through authentication using a digital signature over the Attestation Evidence, which does not require additional protocol steps, or by using a secure channel (see Sections 3 and 4 of {{-uccs}}) that includes authentication.
225
224
226
225
# Normative Prerequisites
227
226
@@ -444,7 +443,7 @@ In the second step, the Attester presents the Attestation Result (and possibly a
@@ -635,6 +634,7 @@ To manage this complexity, it is essential to define a clear policy for handle v
635
634
636
635
* *Synchronization Checks*:
637
636
Implement periodic synchronization checks between the Handle Distributor and both Attesters and Verifiers to ensure that handles are updated consistently across all participants.
637
+
For example, in TUDA {{-TUDA}}, synchronization checks can be realized by cryptographically binding local timestamps from Attesters and Verifiers to fresh Epoch Handles issued by a trusted Time Stamp Authority (TSA), thereby proving that both entities share a consistent notion of time.
638
638
639
639
* *Grace Periods*:
640
640
Define grace periods during which a newly issued handle starts being accepted, and the old handle stops being valid.
@@ -973,6 +973,7 @@ This document outlines three interaction models for remote attestation procedure
973
973
While the subsequent sections address additional security and privacy considerations, the security considerations from {{Section 12 of -RATS}} must also be adhered to.
974
974
Additionally, for TPM-based remote attestation, the security considerations outlined in {{Section 5 of -RIV}} should be taken into account.
975
975
976
+
{: #cryptographic-blinding}
976
977
## Cryptographic Blinding
977
978
978
979
In a remote attestation procedure, both the Verifier and the Attester may choose to cryptographically blind certain attributes to enhance privacy.
0 commit comments